Tuesday, 24 May 2016

FTC and FCC Shine A Light on Mobile Security Updates

Queries Raised on Security Updates on Devices by FTC & FCC

Since the Stagefright bug was revealed, Google has been issuing monthly security updates for Android, and companies such as Samsung, LG and Sony have committed to the program and issue updates for their own Android devices. Among the questions the Federal Trade Commission (FTC) and the Federal Communications Commission (FCC) have raised are: how exactly are these updates moving along, how is it decided which phones get updates, and do manufacturers communicate with software developers when there are threatening vulnerabilities?

To learn more about how companies issue security updates to address vulnerabilities in smartphones, tablets and other mobile devices, the FTC issued orders to around eight companies, and the list was not restricted to Android device manufacturers. The orders were sent to Apple, BlackBerry, Google, HTC, LG, Microsoft, Motorola and Samsung. The requests for information cover topics such as when a company decides to disclose a vulnerability to consumers, whether companies provide unlocked variants of devices, what security testing procedures each company should follow, and much more.

Rise in Vulnerabilities in Mobile Operating Systems

The FTC also wants to know how the mobile device companies have responded to each vulnerability that could result in unauthorized code execution or compromise the confidentiality of consumer data. The FCC mentioned in a blog post that a growing number of vulnerabilities linked to mobile operating systems threaten the safety and reliability of users' devices, including Stagefright in the Android operating system, which could affect around 1 billion Android devices worldwide.

Yet the way mobile device manufacturers, OS providers and mobile carriers have reacted to vulnerabilities could leave users defenceless for long periods of time or even indefinitely, according to the FCC. According to Google’s second annual Android security report, released last month, around 30% of Android devices appear to be running older versions of the OS that Google no longer supports with security updates.

For an operating system such as Android, the main reason updates do not reach consumers is the carriers. Several carriers seem to delay pushing updates for a substantial period of time and generally wait for big operating system updates.

The FCC is said to have sent out orders to carriers in a separate though parallel inquiry. The FTC and FCC intend to focus on the significant delays by device manufacturers and carriers in addressing vulnerabilities, in order to safeguard consumers from security threats.

If this type of action takes place, it would be a boon for Google, since it could probably fix Android’s fragmentation problem. Since its launch, security has been an uncomfortable spot for Android, and with several manufacturers making Android devices with their own customizations, it has become difficult for Google to control the updates. Updating devices has instead been the task of the manufacturers.

Monthly security updates seem to be quite common of late, though only for certain devices. Cheaper and older devices are left aside, and security seems to be a problem.